Clone wiki

connect / Connect_Meeting_Notes_2020-11-19_Atlantic

OpenID AB/Connect WG Meeting Notes (2020-11-05)

Date & Time: 2020-11-05 15:00 UTC
Location: https://global.gotomeeting.com/join/181372694

Agenda

1. Roll Call
2. Adoption of Agenda (Nat)
3. External Organizations and events
4. Drafts
- 4.1. SIOP draft (Kristina)
- 4.2. prompt=create draft (George)
5. AOB
- 5.1. webauthn

The meeting was called to order at 15:00 UTC.

1. Roll Call

Attending:

Joseph Heenan Krisina Yasuda Brian Campbell Tim Cappalli Tom Jones Bjorn Hjelm John Bradley

Regrets:

Nat

Guest:

2. Adoption of Agenda (Nat)

3. External Organizations and events

3.1. FDX (Nat)

no update

3.2. DIF (Tom/Kristina)

no update

3.3. W3C

3.3.1. WebID CG and IsLoggedIn (Tom)

https://www.w3.org/community/webid/

BlinkOn (Tom)

Session on WebID
Google has an update to the WebID implementation
Google to keep track of user choices to improve the UX
Academic/Research federation use-cases
https://github.com/WICG/WebID/blob/master/enterprises.md

First Party Sets

How to validate set participation?
Browser could help by informing the user about the first party set
Discussing happening in the Privacy CG of the W3C

IETF OAuth working group building a repository of use cases

Action: Should the working group construct a unified response to WebID and IsLoggedIn efforts? - discuss in the next meeting?

3.3.2. Verifiable credential WG (?)

https://www.w3.org/2017/vc/WG/

3.3.3. DID WG (Kristina)

https://www.w3.org/2019/did-wg/

TPAC this week.

4. Drafts

4.1. SIOP draft (Kristina)

Contributed version 2 draft to the working groups. Please review draft found here: https://hackmd.io/NlVqlsfmQf6jeWqIlq8i7g?view

4.2. prompt=create draft (George)

-04 has been sent to the list. It is also in George's branch at the bitbucket.

There are two remaining issues.

Current draft has been implemented by Connect2ID

Regarding issue 1189 - general feedback seems to be to use the 'prompt_values_supported' solution

Regarding issue 1193 - general feedback is to keep prompt=create as a hint

The issue of prompt=create just being hint from the user may be mitigated some with the addition of the discovery metadata as now the RP can determine if the AS supports the feature or not. Also, if the AS has not published that it supports the feature and is sent such a value, then an error response is appropriate.

5. AOB

5.1. webauthn

John focused on CTAP 2.1 right now
Jeff Hodges also involved with WebID at Google
Question: how can webauthn with SIOP
Question: how can SIOP co-exist with WebID

The meeting was adjourned at 15:37 UTC

Updated 2020-11-24